GP 2.2 INITIALIZE UPDATE (0x50) oddness

landyman70
I am in the process of writing a system that reads from a JCOP smartcard with GP 2.2 and a custom applet on.
All was going well, until I tried to do authentication, and I seem to have run into an issue.
Whenever I send an INITIALIZE UPDATE APDU to a card it always returns the same value back in the Card Challenge part of the response.
It doesn't matter if I physically remove the card; whenever I call it I get the same values back.
This behaviour is incorrect, as the Card Challenge part of the response should be (according to the spec) "an internally generated random number."
When I run the APDUs through the native Windows PCSC layer I get randomness, but when I run it through pcsc-lite 1.8.8 on openSUSE there is no randomness.
This is a problem, as the applet on the card is secured, so in order to do anything you need to be in an authenticated session, and without a random Card Challenge all authentication fails.
I have been using the same card and reader each time.
Can anyone shed any light on this issue please?

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Ludovic Rousseau
2013/9/19 landyman70 <[hidden email]>:

> I am in the process of writing a system that reads from a JCOP smartcard with
> GP 2.2 and a custom applet on.
> All was going well, until I tried to do authentication, and I seem to have
> run into an issue.
> Whenever I send an INITIALIZE UPDATE APDU to a card it always returns the
> same value back in the Card Challenge part of the response.
> It doesn't matter if I physically remove the card; whenever I call it I get
> the same values back.
> This behaviour is incorrect, as the Card Challenge part of the response
> should be (according to the spec) "an internally generated random number."
> When I run the APDUs through the native Windows PCSC layer I get randomness,
> but when I run it through pcsc-lite 1.8.8 on openSUSE there is no
> randomness.
> This is a problem, as the applet on the card is secured, so in order to do
> anything you need to be in an authenticated session, and without a random
> Card Challenge all authentication fails.
> I have been using the same card and reader each time.
> Can anyone shed any light on this issue please?

Maybe your card has been backdoored by the NSA?

Can you send a simple GET CHALLENGE [1] APDU and get some randomness?

You should compare the APDUs sent on Windows with the APDUs sent on GNU/Linux.
I am sure something is different.

Bye

[1] http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_6_basic_interindustry_commands.aspx#chap6_15

--
 Dr. Ludovic Rousseau

_______________________________________________
Muscle mailing list
[hidden email]
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

landyman70
Here are the 2 APDUs that get sent under Linux:
80500300080102030405060708
00C000001C
this yields:
611C [1C bytes waiting]
00020000000000000000030200528EDDBD4CFAE5179BF9E427D999A89000
this breaks down into
00020000000000000000 - key diversification data
0302 - key information
0052 - sequence counter
8EDDBD4CFAE5 - card challenge
179BF9E427D999A8 - card cryptogram
9000 - result code (okay)
And each time I execute these APDUs I get exactly the same result, where the card challenge section *should* be random.
Under windows:
80500300080102030405060708
00C000001C
yields:
611C
00020000000000000000030200267DAEA944AAA065ACCCB2C9654A059000
breaks down into
00020000000000000000 - key diversification data
0302 - key information
0026 - sequence counter
7DAEA944AAA0 - card challenge
65ACCCB2C9654A05 - card cryptogram
9000 - okay
when run multiple times, the sequence counter is incremented, and the card challenge and card cryptograms are different.
It's the same reader and card each time.
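A parser for the response layout broken down above, added here as an example (not code from the thread), together with a freshness check a host should run before deriving session keys from the response. The two sample responses are the Linux and Windows ones quoted in this post; the second Windows-style response used in the demo is constructed.

```python
"""Parse an SCP02 INITIALIZE UPDATE response into its fields and check that
consecutive responses are fresh. Added example; the two sample responses are
the ones quoted in this thread."""
from dataclasses import dataclass

# Responses pasted in the thread (28 data bytes followed by SW 9000)
LINUX_RESP = bytes.fromhex(
    "00020000000000000000030200528EDDBD4CFAE5179BF9E427D999A89000")
WINDOWS_RESP = bytes.fromhex(
    "00020000000000000000030200267DAEA944AAA065ACCCB2C9654A059000")


@dataclass(frozen=True)
class InitUpdateResponse:
    key_diversification: bytes  # 10 bytes, identifies the card's key set
    key_info: bytes             # 2 bytes: key version number, SCP identifier
    sequence_counter: int       # 2 bytes, advances on every INITIALIZE UPDATE
    card_challenge: bytes       # 6 bytes, must be a fresh random per session
    card_cryptogram: bytes      # 8 bytes, MAC over host and card challenges


def parse_init_update(resp: bytes) -> InitUpdateResponse:
    """Split the 28 data bytes of an SCP02 INITIALIZE UPDATE response."""
    if len(resp) < 2:
        raise ValueError("response shorter than SW1 SW2")
    sw = int.from_bytes(resp[-2:], "big")
    if sw != 0x9000:
        raise ValueError(f"INITIALIZE UPDATE failed with SW {sw:04X}")
    body = resp[:-2]
    if len(body) != 28:
        raise ValueError(f"expected 28 data bytes, got {len(body)}")
    return InitUpdateResponse(
        key_diversification=body[0:10],
        key_info=body[10:12],
        sequence_counter=int.from_bytes(body[12:14], "big"),
        card_challenge=body[14:20],
        card_cryptogram=body[20:28],
    )


def freshness_problems(prev: InitUpdateResponse,
                       cur: InitUpdateResponse) -> list:
    """Why a follow-up INITIALIZE UPDATE response is not fresh relative to the
    previous one; an empty list means the card behaves as the spec requires."""
    problems = []
    if cur.card_challenge == prev.card_challenge:
        problems.append("card challenge repeated")
    if cur.sequence_counter <= prev.sequence_counter:
        problems.append("sequence counter did not advance")
    if cur.card_cryptogram == prev.card_cryptogram:
        problems.append("card cryptogram repeated")
    return problems


if __name__ == "__main__":
    first, second = parse_init_update(LINUX_RESP), parse_init_update(LINUX_RESP)
    print("challenge:", first.card_challenge.hex().upper(),
          "counter:", first.sequence_counter)
    # The Linux trace in the thread returns the identical response every time,
    # so the host must refuse to derive session keys from it.
    print("problems:", freshness_problems(first, second))
```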

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Sebastien Lorquet
hello,

I have an idea, but to help me confirm it, can you post the response to the
SELECT APPLICATION command you send to the ISD?

Try 00A4 0400 00

BR

Sébastien Lorquet

Le 20/09/2013 09:46, landyman70 a écrit :

> Here are the 2 APDUs that get sent under Linux:
> 80500300080102030405060708
> 00C000001C
> this yields:
> 611C [1C bytes waiting]
> 00020000000000000000030200528EDDBD4CFAE5179BF9E427D999A89000
> this breaks down into
> 00020000000000000000 - key diversification data
> 0302 - key information
> 0052 - sequence counter
> 8EDDBD4CFAE5 - card challenge
> 179BF9E427D999A8 - card cryptogram
> 9000 - result code (okay)
> And each time I execute these APDUs I get exactly the same result, where the
> card challenge section *should* be random.
> Under windows:
> 80500300080102030405060708
> 00C000001C
> yields:
> 611C
> 00020000000000000000030200267DAEA944AAA065ACCCB2C9654A059000
> breaks down into
> 00020000000000000000 - key diversification data
> 0302 - key information
> 0026 - sequence counter
> 7DAEA944AAA0 - card challenge
> 65ACCCB2C9654A05 - card cryptogram
> 9000 - okay
> when run multiple times, the sequence counter is incremented, and the card
> challenge and card cryptograms are different.
> It's the same reader and card each time.


Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

landyman70
In reply to this post by landyman70
The NSA has never been near this card as it has never left my desk! :)
The applet selected has overridden the 0x84 command, so I cannot issue that instruction, but my other findings are there... (up or down - not sure where this will be placed!)

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Sebastien Lorquet
If the NSA played with your card, they did it before you bought it :)

I cannot see any answer to select in your previous messages.

You should still be able to issue this command even if you sent too many INIT
update and locked the card.

BR

Sébastien Lorquet

Le 20/09/2013 09:55, landyman70 a écrit :

> The NSA has never been near this card as it has never left my desk! :)
> The applet selected has overridden the 0x84 command, so I cannot issue that
> instruction, but my other findings are there... (up or down - not sure where
> this will be placed!)


Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

landyman70
In reply to this post by Sebastien Lorquet
Sebastien,
When I send 00A4040000 I get 6C67, so I sent 00A4040067 and the command failed with a "Transaction failed." error.
Hope that helps.

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

landyman70
In reply to this post by Sebastien Lorquet
Sebastien,
If the card was locked, it wouldn't work under Windows either, so I don't think that's the case.

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Sebastien Lorquet
In reply to this post by landyman70
You're obviously using a contact coupler in T=0 when I work daily with
contactless cards where Le does not matter :)

SELECT is a case 4 APDU so you have to send:

00A4 0400 00 67

or 00A4 0400 00 00
and the card will reply 6167

BR

Sébastien Lorquet

Le 20/09/2013 10:01, landyman70 a écrit :

> Sebastien,
> When I send 00A4040000 I get 6C67, so I sent 00A4040067 and the command
> failed with a "Transaction failed." error.
> Hope that helps.

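The T=0 procedure-byte handling Sebastien describes, as an added example (not code from the thread or from pcsc-lite): after 61xx the host fetches the waiting bytes with GET RESPONSE, after 6Cxx it re-issues the case 2 command with the Le the card asked for. The INITIALIZE UPDATE exchange is the one quoted earlier in the thread; the SELECT and GET DATA responses and the FakeT0Card class are constructed for the demo.

```python
"""Resolve the T=0 procedure bytes 61xx and 6Cxx against a scripted card.
Added example; the fake card replays the INITIALIZE UPDATE exchange quoted
in the thread, the SELECT and GET DATA responses are constructed."""

INIT_UPDATE = "80500300080102030405060708"   # host challenge 01..08, Le 08
SELECT_ISD = "00A404000067"                   # case 4 as suggested: Lc=00, Le=67
GET_DATA_66 = "80CA006600"                    # GET DATA tag 0x66, Le=00

# Scripted responses (hex). Anything else is answered with 6D00, the status
# the original poster saw before the card had been selected via gscriptor.
SCRIPT = {
    INIT_UPDATE: "611C",                      # 0x1C response bytes waiting
    "00C000001C": "00020000000000000000030200528EDDBD4CFAE5179BF9E427D999A89000",
    SELECT_ISD: "6167",                       # FCI of 0x67 bytes waiting
    "00C0000067": bytes(range(0x67)).hex() + "9000",  # constructed FCI
    GET_DATA_66: "6C10",                      # wrong Le, 0x10 bytes available
    "80CA006610": "660E" + "00" * 14 + "9000",        # constructed tag 66 TLV
}


class FakeT0Card:
    """Stand-in for SCardTransmit: answers from the script and logs APDUs."""
    def __init__(self, script):
        self.script = {k.upper(): bytes.fromhex(v) for k, v in script.items()}
        self.log = []  # every APDU actually sent, for tracing and assertions

    def transmit(self, apdu: bytes) -> bytes:
        self.log.append(apdu.hex().upper())
        return self.script.get(apdu.hex().upper(), bytes.fromhex("6D00"))


def transmit_t0(card, apdu: bytes, max_rounds: int = 8):
    """Send one APDU and return (data, sw) after handling 61xx and 6Cxx."""
    data = b""
    resp = card.transmit(apdu)
    for _ in range(max_rounds):
        if len(resp) < 2:
            raise ValueError("response shorter than SW1 SW2")
        body, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
        data += body
        if sw1 == 0x6C and len(apdu) == 5:
            # Case 2 APDU sent with the wrong Le: resend the header with Le=SW2
            resp = card.transmit(apdu[:4] + bytes([sw2]))
        elif sw1 == 0x61:
            # SW2 bytes are waiting in the card: collect them with GET RESPONSE
            resp = card.transmit(bytes.fromhex("00C00000") + bytes([sw2]))
        else:
            return data, (sw1 << 8) | sw2
    raise RuntimeError("gave up after too many procedure-byte rounds")


if __name__ == "__main__":
    card = FakeT0Card(SCRIPT)
    for name, apdu in (("INITIALIZE UPDATE", INIT_UPDATE),
                       ("SELECT ISD", SELECT_ISD), ("GET DATA 66", GET_DATA_66)):
        data, sw = transmit_t0(card, bytes.fromhex(apdu))
        print(f"{name}: SW {sw:04X}, {len(data)} data bytes")
    print("APDUs sent:", card.log)
```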

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Sebastien Lorquet
In reply to this post by landyman70
OK, I think I misunderstood your previous message.

Usually if you send too many init update commands without successful ext
authenticate, the card will become locked.

So I may have missed something.

BR

Sébastien Lorquet

Le 20/09/2013 10:03, landyman70 a écrit :

> Sebastien,
> If the card was locked, it wouldn't work under Windows either, so I don't
> think that's the case.


Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

antoonio
In reply to this post by landyman70
Madafakaaaz :D



Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

landyman70
In reply to this post by Sebastien Lorquet
Sebastien,
I thought that the card(s) may have become locked, so I do swap them into the Windows side and do a read, just to avoid them becoming locked. I usually attempt 2 INIT UPDATEs before I do a full read on the Windows side. :)
I can make new cards from some stock of "blanks" that I have.
We get the cards direct from the manufacturer, so unless the NSA have knobbled the manufacturer, I cannot see how this could be an issue :) (and both the manufacturer and we are in the EU...)

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Sebastien Lorquet
With the NSA you never know ;)
But this is not important.

Can you, please, send me the answer to select from the ISD?

And also, if possible, the external authenticate command and response.
No security issue, commands cannot be replayed because of sequence counters.

BR

Sébastien Lorquet

Le 20/09/2013 10:43, landyman70 a écrit :

> Sebastien,
> I thought that the card(s) may have become locked, so I do swap them into
> the Windows side and do a read, just to avoid them becoming locked. I
> usually attempt 2 INIT UPDATEs before I do a full read on the Windows side.
> :)
> I can make new cards from some stock of "blanks" that I have.
> We get the cards direct from the manufacturer, so unless the NSA have
> knobbled the manufacturer, I cannot see how this could be an issue :)
> (and both the manufacturer and we are in the EU...)


Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

landyman70
Sebastien,
When I issue the 00A4040067 the SCardTransmit fails.
When I try it on T=1 I get 6985 (Usage conditions not satisfied).
Does this indicate that the card is locked?

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

antoonio
In reply to this post by landyman70
FU



Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Sebastien Lorquet
In reply to this post by landyman70
( Ludovic, can you please ban this "freescale" bot? )

I'm surprised by this behaviour.

If the card is locked I know that init update will fail. But select shall work.
If the card is locked select will return 6283, the mute card condition is
unusual. Maybe there is a default selected application and you need to specify
the ISD AID. Do you know that AID? Then try it in SELECT APPLICATION.

If that fails, can you try the GET DATA command that will return info about the
ISD? It should return a long data block. I think it's tag 0x73 (card
recognition data). If that fails, try tag 0x66: see GP 2.2 page 353, table H-1.

80CA 0073 00

or

80CA 0066 00

BR

Sébastien Lorquet

Le 20/09/2013 11:05, landyman70 a écrit :

> Sebastien,
> When I issue the 00A4040067 the SCardTransmit fails.
> When I try it on T=1 I get 6985 (Usage conditions not satisfied).
> Does this indicate that the card is locked?


Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

landyman70
Okay, been doing a bit more investigating.
When I run my application, I call the methods in the following order:
SCardEstablishContext
[loop]
SCardConnect
SCardStatus
SCardTransmit (select Card Manager A0 00 00 00 03 00 00 00)
SCardTransmit (get response [00 c0 ...])
SCardDisconnect()
[end of loop]
SCardReleaseContext

so in each loop I connect, get the status (for ATR) and send some commands, then close the card.

However, when I do this the first SCardTransmit returns 6D00.
If I then run gscriptor, connect and send the same 2 APDUs it works. Once this has worked, my app works correctly.

My calls are:
SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext)
SCardConnect(hContext, mszReader, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &hCard, &dwActiveProtocol)
SCardStatus(hCard, mszReader, dwReaderNameLen, dwState, dwActiveProtocol, pATR, dwATRLen)
SCardTransmit(hCard, pioSendPci, command, sizeof(command), NULL, pRXData, &dwRXDataSize)
SCardDisconnect(hCard, SCARD_LEAVE_CARD)
SCardReleaseContext(hContext)

Why is my card not responding properly until I use gscriptor?

Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Ludovic Rousseau
2013/9/20 landyman70 <[hidden email]>:

> Okay, been doing a bit more investigating.
> When I run my application, I call the methods in the following order:
> SCardEstablishContext
> [loop]
> SCardConnect
> SCardStatus
> SCardTransmit (select Card Manager A0 00 00 00 03 00 00 00)
> SCardTransmit (get response [00 c0 ...])
> SCardDisconnect()
> [end of loop]
> SCardReleaseContext
>
> so in each loop I connect, get the status (for ATR) and send some commands,
> then close the card.
>
> However, when I do this the first SCardTransmit returns 6D00.
> If I then run gscriptor, connect and send the same 2 APDUs it works. Once
> this has worked, my app works correctly.
>
> My calls are:
> SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext)
> SCardConnect(hContext, mszReader, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 |
> SCARD_PROTOCOL_T1, &hCard, &dwActiveProtocol)
> SCardStatus(hCard, mszReader, dwReaderNameLen, dwState, dwActiveProtocol,
> pATR, dwATRLen)
> SCardTransmit(hCard, pioSendPci, command, sizeof(command), NULL, pRXData,
> &dwRXDataSize)
> SCardDisconnect(hCard, SCARD_LEAVE_CARD)
> SCardReleaseContext(hContext)
>
> Why is my card not responding properly until I use gscriptor?

Maybe you should reset the card before the loop start to set the card
in a correct state.

Bye

--
 Dr. Ludovic Rousseau


Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Sebastien Lorquet
In reply to this post by landyman70
OK, now we know the card manager AID.

Is your card response so confidential that you still don't send me the answer to
this select command after 3 requests?

The answer to select may explain why you get the same random.

Best regards

Sébastien Lorquet

Le 20/09/2013 16:16, landyman70 a écrit :
> SCardTransmit (select Card Manager A0 00 00 00 03 00 00 00)
> SCardTransmit (get response [00 c0 ...])


Re: GP 2.2 INITIALIZE UPDATE (0x50) oddness

Sebastien Lorquet
In reply to this post by Ludovic Rousseau
One more important question for my understanding of the situation.

Is it correct that

-on windows, you get a random in init update, you send external authenticate,
and the next random is different

-BUT on linux, you send repeated init update WITHOUT any external authenticate?

Is this true or false?

BR
Sebastien
